IIS security alert - new attack?

From: Mike Larson (anonymous_at_discussions.microsoft.com)
Date: 12/29/03

Next message: Christopher Haun: "RE: IIS still vulnerable"
Previous message: Paul Lynch: "Re: IIS still vulnerable"
In reply to: Chris Popescu: "IIS security alert - new attack?"
Next in thread: Mike Larson: "IIS security alert - new attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Dec 2003 10:16:00 -0800

I wish I had a solution for you but I don't. I
experienced the same problem today, 12-29-03. My server
would not serve web pages and when I looked at the CPU
utilization it was 90-100 and but when I hit the processes
tab the system idle process was 90. I have all patches,
URLSCAN, IISlockdown and removed non-essential services.
I bet it is some new worm or virus. My attackers ip was
64.223.230.X Verizon Global Networks, Inc

>-----Original Message-----
>Hi,
>
>Does anyone know what kind of attack is this and how can
be prevented?
>
>IIS servers will not be able to serve any other pages for
the time when this attack is active.
>
>We use UrlScan and we have IIS 5/6 patched with latest
security patches.
>
>However from IIS logs I can not see much about how this
attack is performed.
>
>Thank you,
>
>Chris
>
>
>x.x.x.x is our server IP address.
>2003-12-21 17:21:53 211.38.90.129 - x.x.x.x 80
HEAD /index.asp - 200 362 40 - - -
>2003-12-21 17:21:59 211.38.90.129 - x.x.x.x 80 - - - 404
245 65 - - -
>2003-12-21 17:22:07 211.38.90.129 - x.x.x.x 80 - - - 404
143 109 - - -
>2003-12-21 17:22:17 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 17:22:26 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:22:36 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 17:22:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 17:22:59 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 17:23:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 110 - - -
>2003-12-21 17:23:22 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 17:23:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:23:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 17:24:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 17:24:13 211.38.90.129 - x.x.x.x 80 - - - 404
245 140 - - -
>2003-12-21 17:24:27 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 17:24:40 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:24:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:25:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:25:20 211.38.90.129 - x.x.x.x 80 - - - 404
143 124 - - -
>2003-12-21 17:25:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:25:46 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:26:00 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 17:26:13 211.38.90.129 - x.x.x.x 80 - - - 404
245 75 - - -
>2003-12-21 17:26:27 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:26:41 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:26:55 211.38.90.129 - x.x.x.x 80 - - - 404
245 75 - - -
>2003-12-21 17:27:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:27:23 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 17:27:36 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:27:50 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 17:28:04 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:28:18 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 17:28:31 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:28:45 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 17:28:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:29:12 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 17:29:26 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 17:29:40 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 17:29:54 211.38.90.129 - x.x.x.x 80 - - - 404
245 140 - - -
>2003-12-21 17:30:08 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:30:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 90 - - -
>2003-12-21 17:30:35 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:30:49 211.38.90.129 - x.x.x.x 80 - - - 404
245 90 - - -
>2003-12-21 17:31:03 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 17:31:17 211.38.90.129 - x.x.x.x 80 - - - 404
245 93 - - -
>2003-12-21 17:31:31 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 17:31:44 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:31:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 139 - - -
>2003-12-21 17:32:12 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 17:32:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:32:40 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:32:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 17:33:07 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 17:33:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 93 - - -
>2003-12-21 17:33:35 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 17:33:49 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 17:34:02 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 17:34:16 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 17:34:30 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:34:44 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 17:34:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 17:35:11 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 17:35:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 17:35:39 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 17:35:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:36:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:36:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:36:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:36:48 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:37:02 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:37:16 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:37:30 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:37:44 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 17:37:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 17:38:11 211.38.90.129 - x.x.x.x 80 - - - 404
245 101 - - -
>2003-12-21 17:38:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 17:38:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 67 - - -
>2003-12-21 17:38:52 211.38.90.129 - x.x.x.x 80 - - - 404
143 148 - - -
>2003-12-21 17:39:06 211.38.90.129 - x.x.x.x 80
HEAD /etc/passwd /c+dir+c:\ 404 144 138 - - -
>2003-12-21 17:39:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:39:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:39:48 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:40:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:40:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:40:29 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:40:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:40:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:41:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:41:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:41:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:41:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:42:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:42:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 17:42:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 17:42:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 140 - - -
>2003-12-21 17:43:02 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 17:43:16 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 17:43:29 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:43:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:43:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 100 - - -
>2003-12-21 17:44:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:44:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:44:39 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:44:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:45:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 100 - - -
>2003-12-21 17:45:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:45:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:45:48 211.38.90.129 - x.x.x.x 80 - - - 404
245 100 - - -
>2003-12-21 17:46:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 116 - - -
>2003-12-21 17:46:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 17:46:29 211.38.90.129 - x.x.x.x 80 - - - 404
245 100 - - -
>2003-12-21 17:46:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:46:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:47:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:47:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:47:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:47:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 17:48:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:48:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 140 - - -
>2003-12-21 17:48:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 17:49:15 211.38.90.129 - x.x.x.x 80 - - - 404
143 96 - - -
>2003-12-21 17:51:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:51:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 17:51:48 211.38.90.129 - x.x.x.x 80 - - - 404
245 133 - - -
>2003-12-21 17:52:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 151 - - -
>2003-12-21 17:52:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:52:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 17:52:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:53:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 17:53:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:53:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 110 - - -
>2003-12-21 17:54:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 17:54:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:54:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 17:54:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:55:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 17:55:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:55:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 17:55:42 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 17:55:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 17:56:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 17:56:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:56:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 17:56:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:57:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:57:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 17:57:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:57:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:58:00 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:58:14 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 17:58:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 17:58:41 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 17:58:55 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 17:59:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 17:59:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 17:59:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 17:59:51 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:00:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:00:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 18:00:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:00:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 18:01:00 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:01:14 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 18:01:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:01:42 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 18:01:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:02:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 75 - - -
>2003-12-21 18:02:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:02:37 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 18:02:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 18:03:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 18:03:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 111 - - -
>2003-12-21 18:03:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:03:46 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:04:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:04:14 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:04:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:04:42 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:04:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 18:05:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 18:05:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 18:05:37 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:05:51 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:06:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:06:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:06:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:06:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:07:01 211.38.90.129 - x.x.x.x 80 - - - 404
143 122 - - -
>2003-12-21 18:07:14 211.38.90.129 - x.x.x.x 80
HEAD /etc/passwd /c+dir+c:\ 404 144 88 - - -
>2003-12-21 18:07:29 211.38.90.129 - x.x.x.x 80 - - - 404
245 75 - - -
>2003-12-21 18:07:43 211.38.90.129 - x.x.x.x 80 - - - 404
143 122 - - -
>2003-12-21 18:07:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:08:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:08:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:08:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:08:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:09:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:09:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:13:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 69 - - -
>2003-12-21 18:14:11 211.38.90.129 - x.x.x.x 80 - - - 404
245 125 - - -
>2003-12-21 18:14:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 126 - - -
>2003-12-21 18:19:29 211.38.90.129 - x.x.x.x 80 - - - 404
245 149 - - -
>2003-12-21 18:19:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:19:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:20:12 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 18:20:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 18:20:39 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:20:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:21:07 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:21:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 18:21:35 211.38.90.129 - x.x.x.x 80 - - - 404
245 107 - - -
>2003-12-21 18:21:48 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 18:22:03 211.38.90.129 - x.x.x.x 80 - - - 404
245 140 - - -
>2003-12-21 18:22:16 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:22:30 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:22:44 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 18:22:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:23:12 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 18:23:26 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:23:40 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 18:23:54 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:24:08 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:24:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 18:24:36 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:24:49 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:25:03 211.38.90.129 - x.x.x.x 80 - - - 404
245 119 - - -
>2003-12-21 18:25:18 211.38.90.129 - x.x.x.x 80 - - - 404
245 97 - - -
>2003-12-21 18:25:31 211.38.90.129 - x.x.x.x 80 - - - 404
245 90 - - -
>2003-12-21 18:25:45 211.38.90.129 - x.x.x.x 80 - - - 404
245 112 - - -
>2003-12-21 18:25:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 90 - - -
>2003-12-21 18:26:13 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:26:27 211.38.90.129 - x.x.x.x 80 - - - 404
245 93 - - -
>2003-12-21 18:26:40 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 18:26:54 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 18:27:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 139 - - -
>2003-12-21 18:27:22 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:27:36 211.38.90.129 - x.x.x.x 80 - - - 404
245 148 - - -
>2003-12-21 18:27:50 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:28:04 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:28:18 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:28:32 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:28:46 211.38.90.129 - x.x.x.x 80 - - - 404
245 65 - - -
>2003-12-21 18:28:59 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 18:29:14 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:29:27 211.38.90.129 - x.x.x.x 80 - - - 404
245 115 - - -
>2003-12-21 18:29:41 211.38.90.129 - x.x.x.x 80 - - - 404
245 103 - - -
>2003-12-21 18:29:55 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:30:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:30:23 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:30:37 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:30:50 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:31:04 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:31:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:31:32 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:31:46 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 18:32:00 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 18:32:14 211.38.90.129 - x.x.x.x 80 - - - 404
245 110 - - -
>2003-12-21 18:32:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 18:32:42 211.38.90.129 - x.x.x.x 80 - - - 404
245 117 - - -
>2003-12-21 18:32:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 117 - - -
>2003-12-21 18:33:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 117 - - -
>2003-12-21 18:33:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 117 - - -
>2003-12-21 18:33:37 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:33:51 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:34:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:34:20 211.38.90.129 - x.x.x.x 80 - - - 404
245 118 - - -
>2003-12-21 18:34:33 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:34:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:35:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 124 - - -
>2003-12-21 18:35:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:35:28 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:35:42 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:35:56 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:36:11 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:36:24 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:36:38 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:36:52 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:37:06 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:37:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:37:34 211.38.90.129 - x.x.x.x 80 - - - 404
245 122 - - -
>2003-12-21 18:37:47 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:38:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 120 - - -
>2003-12-21 18:38:15 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 18:38:30 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 18:38:43 211.38.90.129 - x.x.x.x 80 - - - 404
245 93 - - -
>2003-12-21 18:38:57 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 18:39:10 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 18:39:25 211.38.90.129 - x.x.x.x 80 - - - 404
245 109 - - -
>2003-12-21 18:39:39 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 18:39:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 96 - - -
>2003-12-21 18:40:07 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 18:40:21 211.38.90.129 - x.x.x.x 80 - - - 404
245 91 - - -
>2003-12-21 18:40:35 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:40:49 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:41:03 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:41:16 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:41:30 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:41:44 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:41:58 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:42:12 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:42:26 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:42:39 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:42:53 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:43:08 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:43:22 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:43:35 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:43:50 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:44:04 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:44:17 211.38.90.129 - x.x.x.x 80 - - - 404
245 123 - - -
>2003-12-21 18:44:31 211.38.90.129 - x.x.x.x 80 - - - 404
245 113 - - -
>2003-12-21 18:44:45 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:44:59 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:45:13 211.38.90.129 - x.x.x.x 80 - - - 404
245 121 - - -
>2003-12-21 18:45:27 211.38.90.129 - x.x.x.x 80 - - - 404
245 99 - - -
>2003-12-21 18:45:41 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:45:55 211.38.90.129 - x.x.x.x 80 - - - 404
245 92 - - -
>2003-12-21 18:46:09 211.38.90.129 - x.x.x.x 80 - - - 404
245 95 - - -
>2003-12-21 18:46:23 211.38.90.129 - x.x.x.x 80 - - - 404
245 98 - - -
>2003-12-21 18:46:37 211.38.90.129 - x.x.x.x 80 - - - 404
245 101 - - -
>2003-12-21 18:46:50 211.38.90.129 - x.x.x.x 80 - - - 404
245 104 - - -
>2003-12-21 18:47:05 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 18:47:19 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 18:47:32 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 18:47:46 211.38.90.129 - x.x.x.x 80 - - - 404
245 130 - - -
>2003-12-21 18:48:01 211.38.90.129 - x.x.x.x 80 - - - 404
245 67 - - -
>
>
>.
>

Next message: Christopher Haun: "RE: IIS still vulnerable"
Previous message: Paul Lynch: "Re: IIS still vulnerable"
In reply to: Chris Popescu: "IIS security alert - new attack?"
Next in thread: Mike Larson: "IIS security alert - new attack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: I was hacked
... > I have a Windows 2000 server that is current w/ the latest patches from MS. ... > It is running an IIS server that is configured w/ Microsoft's URLScan tool. ... > It is also running Terminal Services w/ 128 bit encryption turned on. ... > the first visible process of the attack. ...
(alt.computer.security)
Re: I was hacked
... > I have a Windows 2000 server that is current w/ the latest patches from MS. ... > It is running an IIS server that is configured w/ Microsoft's URLScan tool. ... > It is also running Terminal Services w/ 128 bit encryption turned on. ... > the first visible process of the attack. ...
(microsoft.public.inetserver.iis.security)
Website Defacement
... Here is a peice of an IIS 6 log file of a recently defaced site. ... I know that this is somewhat a joke of an attack. ... I have not been to the server I have only reviewed the IIs logs at this point. ...
(Incidents)
I was hacked
... I have a Windows 2000 server that is current w/ the latest patches from MS. ... It is running an IIS server that is configured w/ Microsoft's URLScan tool. ... It is also running Terminal Services w/ 128 bit encryption turned on. ... the first visible process of the attack. ...
(microsoft.public.security)
I was hacked
... I have a Windows 2000 server that is current w/ the latest patches from MS. ... It is running an IIS server that is configured w/ Microsoft's URLScan tool. ... It is also running Terminal Services w/ 128 bit encryption turned on. ... the first visible process of the attack. ...
(microsoft.public.inetserver.iis.security)